.comment: The Distribution We Need - page 2

Redmond Issues a Mighty... "Waaahhh!"

October 24, 2001

By
Dennis E. Powell

As you probably know, the United States Government's National Security Agency early
this year undertook a project called "Security-Enhanced Linux." There are some,
whose tinfoil hats are on a little tight, who immediately assume that this means Linux
with all kinds of back doors and things so that the government can spy on you. They avoid
the fact that this is all entirely open source stuff, available to anybody and followed
and audited by kernel developers. (In my experience, those who most fear this are those in
whom the government would have the least interest. If there's a real concern, it's that
bad guys could make use of SELinux -- but the government has a front door for those
situations: they pull up in black sedans, grab their guns, and, armed with warrants, knock
down the front door.)

In fact, what SELinux does is make it impossible for a wayward or misconfigured
application to compromise the whole system. Through mandatory access controls, it provides
tremendous granularity in security policy, giving applications only the bare minimum
permissions needed to perform tasks. There are no SUID programs; nor is there a root
user. And that's just the beginning.

It allows, indeed requires, that the system administrator establish a security policy,
and at its tightest SELinux is pretty solid -- more so than that you'll find on any
out-of-the-box Linux. It is the first and arguably biggest step toward Linux as a trusted
system.

SELinux is to a truly secure operating system as Ext3 is to other journaling
filesystems -- its design goals include compatibility with existing applications and, for
the most part, existing system utilities; those that don't work are patched so that they
will.

In short, it's a really good idea, put together by some of the best people in the
business. Anyone can download and build it into an existing Linux system. It's designed
against Red Hat, but that's little matter for what I have in mind.

Pause a moment and think. Think back a couple of months, before Security was spelled
with a capital s. Was there any reason, any reason in the world, why anyone would not have
wanted the most secure system possible? No, of course not (but for the few apps that, with
the overly broad security policies we have available now, simply would not run on a very
tight machine). There having never been a reason for a wide-open box, and now there being
greater reason than ever for a box that's really locked down, seems to me that there is
wisdom in distributions working toward adiption of SELinux as the standard kernel or at
minimum an option at install.

Indeed, in many respects SELinux can be seen as a government grant to defeat Microsoft
where it is weakest. It would be plain foolish for distributions not to avail themselves
of the help.

The whole thing is open and documented, complete with suggestions of areas where
additional work can be done to make the system even more secure. Given the number and
variety of projects on which distributions have spent money to little effect, it seems
they would jump at one that has slam-dunk merit.

I hope to see the SELinux kernel, further enhanced, in the spring round of
distributions. There is good reason for it to become standard.